Network technologies have been developed for many years. FIG. 1A depicts a schematic architecture of a conventional network system 1. The network system 1 comprises a server 11, a gateway 15, and a plurality of electronic apparatuses 17. The server 11 connects to the gateway 15 via the Internet 13 and connects to the electronic apparatuses 17 via the gateway 15. In recent years, this architecture of the network system 1 has often been used in Internet of Things (IoT) systems, for example, in Advanced Metering Infrastructure (AMI) systems. When the network system 1 is an AMI system, the server 11 may be a meter data management system (MDMS), the gateway 15 may be a concentrator, and each of the electronic apparatuses 17 may be a smart meter.
When the network system 1 is an IoT system, the server 11 has to access the electronic apparatuses 17 frequently (e.g., to read power consumption data collected and stored in the smart meters, set the Time of Use (TOU) parameters of the smart meters, control the statuses (On or Off) of power supply switches in the smart meters, activate and execute the firmware updating function of the smart meters, and so on). Since the network system 1 is often of a very large scale, the number of the electronic apparatuses 17 is great (e.g., in an AMI system, the number of the smart meters is usually on the order of millions) and the access operations on the electronic apparatuses 17 are very complex. When the operations are executed in the aforesaid centralized way (i.e., all the electronic apparatuses 17 are accessed by the server 11 directly), efficiency is often poor. Therefore, a distributed operation mode has to be adopted in which the server 11 delegates the right of accessing the electronic apparatuses 17 to the gateways 15 so that the gateways 15 are authorized to execute the operations. The distributed operation mode can improve the operation efficiency.
Please refer to FIG. 1B. According to the prior art, when a system 112 (i.e., a delegator) in the distributed system environment delegates to another system 113 (i.e., a delegatee) the right to access resources of a service system 114, the system (delegator) 112 issues an authorization credential to the system (delegatee) 113. The system (delegatee) 113 then generates an access request according to the authorized right and transmits the authorization credential and the access request to the service system 114. After checking and verifying the related rights, the service system 114 executes the access operation.
The authorization credential mainly comprises an identity of the delegator, an identity of the delegatee, a privilege and so on, and may be in the form of the X.509 Privilege Attribute Certificate, the Kerberos Ticket, or various forms of Delegation Certificate. In practical operations, the access request does not comprise the privilege information, so it must be used in combination with the authorization credential. In addition, message verification and a relevance check must be performed by the service system 114 on the authorization credential and the access request. Therefore, the operations are relatively complex. Moreover, the meaning of the privilege is not specified in either of the two messages, so the privilege must be interpreted and controlled by the service system 114 independently. Therefore, related security problems are likely to occur because the privilege is not explicitly defined. Furthermore, in another implementation the access data is carried in the authorization credential itself; however, because the authorization credential can only be generated by the system (delegator) 112, the system (delegatee) 113 cannot independently generate the access request message as needed according to the authorized right in this implementation. As a result, this implementation not only has poor flexibility in use, but the system (delegator) 112 must also generate an authorization credential for each access operation, which imposes a heavy workload on this system. When this implementation is applied to the aforesaid IoT system, the effect of distributed processing cannot be achieved. Accordingly, an urgent need exists in the art to provide a delegation mechanism that is simple and flexible in use so as to solve the aforesaid problems.
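The checks that the service system 114 has to run in the prior-art flow of FIG. 1B can be sketched as follows; this is an added example, not part of the original text. It assumes HMAC-SHA256 over constructed shared keys in place of the credential formats named above, and the identifiers, privilege name and operation names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed keys (assumption): service system 114 shares one key with the
# delegator 112 and another with the delegatee 113.
DELEGATOR_KEYS = {"system-112": b"constructed-delegator-key"}
DELEGATEE_KEYS = {"system-113": b"constructed-delegatee-key"}

# Assumption: the service system's own reading of each privilege name. Neither
# message defines it, so this table is purely local policy.
PRIVILEGE_MEANING = {"meter-read": {"read_consumption"}}


def mac(key, body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_credential(delegator, delegatee, privilege):
    body = {"delegator": delegator, "delegatee": delegatee, "privilege": privilege}
    return {"body": body, "mac": mac(DELEGATOR_KEYS[delegator], body)}


def make_request(sender, operation):
    # The access request carries no privilege information.
    body = {"sender": sender, "operation": operation}
    return {"body": body, "mac": mac(DELEGATEE_KEYS[sender], body)}


def verified(msg, key):
    return key is not None and hmac.compare_digest(msg["mac"], mac(key, msg["body"]))


def service_check(cred, req):
    c, r = cred["body"], req["body"]
    if not verified(cred, DELEGATOR_KEYS.get(c["delegator"])):
        return "reject: credential MAC"
    if not verified(req, DELEGATEE_KEYS.get(r["sender"])):
        return "reject: request MAC"
    if r["sender"] != c["delegatee"]:  # relevance check between the messages
        return "reject: relevance check"
    if r["operation"] not in PRIVILEGE_MEANING.get(c["privilege"], set()):
        return "reject: privilege"
    return "execute"
```

Each access costs the service system two message verifications, a cross-message relevance check and a local privilege lookup, and two service systems with different `PRIVILEGE_MEANING` tables would accept different operations under the same credential.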